An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
References
Link | Resource |
---|---|
https://fortiguard.com/advisory/FG-IR-18-384 | Mitigation Vendor Advisory |
https://www.fortiguard.com/psirt/FG-IR-20-233 |
Configurations
Configuration 1 (hide)
|
History
03 Jun 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. | |
References |
|
|
Information
Published : 2019-06-04 21:29
Updated : 2023-12-10 12:59
NVD link : CVE-2018-13379
Mitre link : CVE-2018-13379
CVE.ORG link : CVE-2018-13379
JSON object : View
Products Affected
fortinet
- fortios
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')